On Thu, Jun 11, 2009 at 5:07 AM, William Maddler<[email protected]> wrote: > > That's right. OSSEC can't tell what changed, nor it could. > Basicly a "critical" file isn't supposed to change unless there is a > good reason for that (e.g. an upgrade).
Welll.... OSSEC *could* keep copies of certain critical files and diff against them... it's technically possible, even if it's not implemented yet -- Eric http://nixwizard.net
